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(57) Abstract: A method of authenticating the identity of a user of a communication device and providing a securely encrypted 
communication channel, comprises first authenticating the identity of the user using biometric information collected and encrypted 
using apparatus which interfaces with a communication device. After authentication is complete the communication is encrypted 
using a series of different algorithms which include an encryption key derived from the user's biometric data as well as device-specific 
algorithms broadcast from time to time to the device, and an algorithm programmed into the device. The encrypted data packets 
include several separately encrypted components, the arrangement of which varies in successive data packets. The invention provides 
a means for securely authenticating the identity of a user without requiring the use of any particular communication device in order 
to do so. 
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TITLE OF THE INVENTION 

5 

METHOD AND APPARATUS FOR SECURE E-COMMERCE TRANSACTIONS 

FIELD OF THE INVENTION 

10 

This invention relates to the encryption of data and the authentication of the 
identity of participants in electronic commerce transactions and communications. In 
particular this invention relates to methods for authenticating the identity of participants 
15 and for securely encrypting said transactions and communications and apparatus therefor. 



BACKGROUND OF THE INVENTION 

20 The authentication of the identity of participants is a key requirement of most 

electronic commerce transactions. The security of the information being transmitted is 
also a concern, particularly where such information represents confidential data of the 
participant. 

25 It is known in the prior art to provide authentication of a participant by collecting 

and verifying the participant's biometric data. It is also known to encrypt the biometric 
data when transmitting it for authentication purposes. 

U.S. Patent No. 5,872,834 to Teitlebaum discloses a system involving a biometric 
30 input sensor to capture biometric data that is then encrypted and transmitted. The patent 
notes that the system is useful in electronic commerce applications to authorize payments, 
in billing applications, for credit authorization and for other electronic commerce 
purposes. The patent discusses the use of biometric input devices associated with 
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telephones or cellular telephones. An authentication center may be used to provide third 
party authentication. Teitlebaum points out that such a system enables reliable 

5 identification of the user of a communication device without being dependent on that 
particular communication device. 

U.S. Patent 5,956,409 to Chan et al. describes a method for the secure application 
of seals. An optical image of a seal is recorded by a computer and encrypted using a key 

10 for encryption generated in response to template biometric data from authorized persons. 
When a person seeks to use the seal, for example to apply the seal to a document, test 
biometric data is input from that person and used to generate a key for decryption. If the 
test biometric data matches the template biometric data, the key for decryption will be 
useful for decrypting the encrypted seal, and the person seeking access to the seal. The 

15 test biometric data represents a handwritten signature given contemporaneously by the 
person seeking access, and is verified against a set of template signatures earlier given by 
at least one authorized person. Specific signature features are determined in response to 
the template signatures and used for generating one or more keys for encrypting the seal. 
Similarly, specific signature features are determined in response to the test signature and 

20 used for generating keys for decrypting the seal. 

The use of more than one type of biometric parameter to more reliably identify 
individuals is well known. US Patent No. 5,412,738 to Brunelli et al., US Patent No. 
5,719,950 to Osten et al. and US Patent No. 5,930,804 to Yu et al. each discuss the use of 
25 at least two biometric features to authenticate the identify of a speaker. Yu et al. further 
discuss means to prevent biometric data forgery by sensing the temperature of the user's 
finger when capturing fingerprint data. 

The use of dynamic encryption keys which are periodically downloaded to an 
30 encryption device and further using keys permanently stored in the device is also known. 



PCT/CA99/01164 

3 

U.S. Patent No. 4,944,006 to Citta et al. describes a secure data packet 
transmission system and method which includes a head-end having a software 
implemented 16 bit shift register which encrypts a bit packet. Dynamic encryption is 
5 provided by utilizing an initial preset for the software corresponding to a preset 

encryption key for the shift register. Authorized subscriber terminals are provided with 
memories and decryption keys are downloaded. The bit packets are assembled with a 
global bit packet encrypted with a global encryption key and subsequent individually 

10 addressed bit packets encrypted with address keys. The address keys and terminal 
addresses are permanently stored in the subscriber terminal memories. The global 
encryption keys are changed periodically. Means are provided in each subscriber terminal 
for storing a number of global decryption keys, which are cycled through in attempts to 
decrypt the global packets. One of the global decryption keys is a permanent default key 

15 associated with the subscriber terminal to assure that communication with that terminal is 
possible despite a lack of knowledge of the terminal address or the other global 
decryption keys in its memory. 

U.S. Patent 5,805,705 to Gray et al. discloses a system for synchronizing 
20 encryption/decryption keys in a data communication network. The keys are changed 
periodically at the source and destination nodes for an established connection. A 
destination node must know not only the value of any new key but also when to begin 
using that key to decrypt received data packets. Synchronization (making sure a data 
packet is decrypted using a decryption key correlated with the encryption key used to 
25 encrypt the same packet) is achieved by defining a single bit in each packet header as a 
key synchronization bit. As long as key synchronization bit value remains unchanged 
from one received packet to the next, a receiving node will continue to use the same 
decryption key it has been using. When a change in the key synchronization bit value is 
detected, the receiving node will begin using a previously received, new decryption key. 

30 
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U.S. Patent 5,887,065 to Audebert describes a system and method for user 
authentication having clock synchronization. The system includes a first unit adapted to 
communicate with a second unit. The second unit grants conditional access to a function 
or service in accordance with an authentication operation. Both units are capable of 
running software for generating passwords by means of encryption of several dynamic 
variables as for example a time dependent variable and/or a variable representing the 

number of formulated authentication requests. The encryption may be performed using a 
dynamic key. 

U.S. Patent 5,937,068 to Audebert describes a system and method for user 
authentication employing dynamic encryption variables. The system includes a first card- 
like unit adapted to communicate with a second unit giving only conditionally access to a 
function. Both units are capable of running software for generating a password by means 
of encryption of a plurality of dynamic variables produced separately but in concert (so as 
to have a predetermined relationship, such as identity, with one another) in the units. The 
encryption is carried out in each unit by a public algorithm using a dynamically varying 
encryption key. Each time an access request is issued by a card user, the key is modified 
as a function of the number of access requests previously formulated by the card user. 

It is an object of this invention to provide a secure means of conducting electronic 
commerce transactions and other communications wherein authentication of participants 
is highly reliable. 

It is a further object of this invention to provide a secure means of conducting 
electronic commerce transactions and other communications, wherein reliable participant 
authentication may be achieved regardless of the specific communication device being 
used by a participant. 
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It is yet a further object of this invention to provide a high degree of inherent 
encryption security. 

5 It is a further object of the invention to incorporate biometric data in the encryption 

process in a manner that minimizes the effective use of biometric forgery. 

These and other objects of the invention will be better understood by reference to 
the following disclosure. 

10 

SUMMARY OF THE INVENTION 

The invention provides a means for securely authenticating the identity of a user 
15 without requiring the use of any particular communication device in order to do so. 

A user's biometric data is retained in a database at an authentication center. A 
number of biometric encryption devices are also enabled for use with the secure system. 
A registered user may use any biometric encryption device enabled by the system to 
20 establish a secure communication. The biometric encryption device may be used in 
association with a variety of standard communication devices. 

When a user wishes to authenticate his or her identity, for example in connection 
with an electronic commerce transaction, the user's biometric data is collected by and 
25 transmitted in encrypted form to the authentication center. This phase is known as the 
initial authentication phase. 

After the user's identity has been authenticated, the user's biometric data continues 
to be used as an integral component of the encryption process itself during the secure 
30 session phase of the communication. 
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In the initial authentication phase, the user's biometric data is encrypted using a 
combination of a device-specific encryption key programmed into the device as well as a 
time-specific encryption key broadcast from time to time from the authentication center to 
5 the device. 

In the secure session phase of the communication, session information is 
transmitted in composite data packets comprising varying sequences of encrypted session 
data, encrypted biometric data and encrypted device-specific reference data. Each of the 
10 components is encrypted using different keys and all components are encrypted using a 

sequence of different encryption time-specific algorithms which have been previously 
broadcast from the authentication center to the device. The relative positions of the 
components in the data packets are also changed throughout the transmission. 

15 

The various aspects of the invention will be more specifically appreciated by 
reference to the following detailed description of the preferred embodiment and by 
reference to the claims. 

20 

BRIEF DESCRIPTION OF THE DRAWINGS 

The preferred embodiment of the invention will be described by reference to the 
drawings in which: 

25 

Fig. 1 is a diagram showing participants in a typical electronic commerce 
transaction according to the invention; 

Fig. 2 is a block diagram illustrating the principal operational components of a 
30 biometric encryption device according to the invention; 
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Fig. 3 is a diagram illustrating the downloading of default keys and algorithms and 
a schedule therefor; 

5 Fig. 4 is a flowchart of the steps in the initial authentication phase from the point 

of view of the biometric encryption device according to the invention; 

Fig. 5 is a diagrammatic representation of the structure of a transmission packet 
from the device in the initial authentication phase; 

10 

Fig. 6 is a general flowchart of the steps in the initial authentication phase from the 
point of view of the authentication center; 

Fig. 7 is a general flowchart of the steps in the secure mode phase from the point 
15 of view of the biometric encryption device; 

Fig. 8 is a general flowchart of the steps in the secure mode phase from the point 
of view of the authentication center; and, 

20 Fig. 9 is a diagrammatic representation of the transmission packet structure in the 

secure mode according to the invention. 



DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

25 

Fig. 1 illustrates the principal elements of a secure communication according to the 
invention. In the illustrated example, a first participant PI desires to conduct a secure 
electronic commerce transaction with a second participant P2. For example, participant 
P2 may be a bank and participant PI may be a consumer who wishes to have bank P2 
30 transfer funds to a third party (not shown) to complete the consumer's purchase of 
product from the third party using a point of sale device. 
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The transaction is conducted by means of communication devices 10 and 12 which 
may be any form of communication device. In the illustrated example, the device is a 
telephone, but in other cases it may be a cellular phone, PDA, radio, modem or other 
5 communication device. Communication may involve any communication medium such 
as the Internet, one or more public switched telephone networks, a private network, etc. 

Participants PI and P2 may have their identities authenticated and their 
transmissions encrypted by means of biometric encryption devices 14, 16 according to the 
10 invention. 

When participant PI wishes to establish secure communication with participant 
P2, communication is enabled between device 14 and communication device 10. 

15 In one embodiment, communication is then established between communication 

device 10 and communication device 12 which is associated with participant P2. Once 
communication between PI and P2 is established, one or both of PI and P2 will formulate 
a request for secure communication facilities and will transmit the request to 
authentication center 20. Authentication center 20 will open a communication channel to 

20 each of PI and P2 and will proceed to verify the identity of PI and P2 in accordance with 
the method of the invention described below. Assuming the identities of PI and P2 are 
verified, authentication center 20 authorizes the establishment of a secure channel 
between PI and P2, with authentication center 20 acting as a go-between for the secure 
communication session. 

25 

In another embodiment, PI first establishes communication with authentication 
center 20 and undergoes authentication of Pi's identity. Authentication center 20 then 
receives Pi's request for secure communication with P2. Authentication center 20 then 
communicates with P2, verifies P2's identity, and authorizes a secure channel between PI 
30 and P2, with authentication center again acting as a go-between. 
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In yet another embodiment, the authentication center may simply authenticate the 
identity of a participant and transmit a message to a third party confirming the 
authentication. 

5 

Participant and device registration 

According to the invention, participants in the system are pre-registered with 
authentication center 20. In the registration process, the participant provides samples of 
10 the participant's unique biometric traits, as well as a participant-selected passphrase. A 
PIN number may also be provided depending on the level of security desired. However 
the preferred embodiment described herein does not rely on use of a PIN number. 

The user-supplied passphrase is used by the center to derive an encryption key 
15 known as the personal identification key (PIK). The PIK is used in the encryption 
process as described below. 

Some registered participants may elect to obtain a biometric encryption device 
which may be portable or intended to be permanently retrofitted into an existing 
20 communication device. In the event that a new participant owns a communication device 
that has built-in biometric encryption device according to the invention, such device can 
be enabled upon registration of the participant. 

Biometric encryption devices can also be registered or enabled independently of 
25 the registration of participants. At the time of registration or enablement of biometric 
encryption devices, the center will provide the device with device-specific reference data 
for eventual use in conducting secure communication. 
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Biometric encryption device 14 may take a variety of different forms including: 
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• a stand alone unit, such as a point of sale device which may be selectively 
associated with a communications device 

5 • an integral sub-assembly of a communication device 

• a portable plug-in (e.g. into a PC Card slot) for a communication enabled device 

• a retrofittable component to an existing communication device, such as a 
10 replacement handset for a telephone 

• a chip embedded in the communication device which provides the processing, 
encryption/decryption and memory functions, and which is used in conjunction 
with biometric input sensors associated with a communication device. 

15 

Fig. 2 illustrates the principal functional elements of biometric encryption device 
14 according to the invention. 

Memory means 22 stores encryption keys and algorithms as well as key and 
20 algorithm scheduling information as described in more detail below. Memory 22 includes 
at least one device-specific key (Km) and at least one device-specific algorithm (A M ) for 
use in encryption as described below. Km and A M are known to the center 20. 

Clock 24 is used to determine the precise time at which a request for authentication 
25 will be dispatched for the purposes of selecting the appropriate time-dependent key (Kb) 
and algorithm (A B ) to be used to encrypt the request and related data. The time- 
dependent key and algorithm K B and A B are discussed below. 

Biometric input sensors 26 comprises means for capturing biometric data, for 
30 example fingerprints, pulse data and voice print. It also analyzes the raw biometric data 
to extract features which uniquely characterize an individual user, and converts the 
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extracted features into a format which is consistent with the authentication center's 
protocol for such data. 

5 Encryption/decryption engine 28 operates to encrypt and decrypt messages or data 

according to encryption keys and algorithms stored in memory 22. 

A communications manager 30 provides an interface for inputs to the device 14 
and for outputs from device 14 either directly to a communication channel or to the 

10 communication device for transmission by the communication device. It will be 
appreciated that the physical form of the interface take a variety of forms including a port 
connecting to a communication device port, a hard wired connection in the case of a 
biometric encryption device which is built into a communication device, or other suitable 
interface means. Inputs to device 14 include notably data to be encrypted, information 

15 downloaded from time to time from authentication center 20 such as encryption keys, 
algorithms and algorithm sequencing and scheduling information (described below), and 
participant data required for the authentication process such as participant's name, 
identification of the other participant, etc. Communications manager 30 may also act to 
monitor the communication otherwise being conducted through the communication 

20 device so as to divert and encrypt only a limited selection of information, such as a credit 
authorization or funds transfer request, as opposed to encrypting an entire communication 
session. 

User interface 32 may comprise any suitable user interface means enabling device 
25 14 and the user to exchange instructions and responses. It will be appreciated that 
depending on the selection of the type of biometric inputs to be used in the authentication 
process, and the functionality which the biometric input sensor 26 is given, some or all of 
the user interface functions or the data input functions may be provided by biometric 
input sensor 26 itself. 
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Broadcast Keys, Algorithms. Sequences and Schedules 

From time to time, authentication center 20 transmits to biometric encryption 
5 device 14 updated encryption keys, algorithms, an algorithm sequence and a schedule for 
their use. Such updated information is stored in device memory 22. The updated 
information is broadcast to all enabled devices at unpredictable times. This process is 
illustrated in Fig. 3 wherein A D , K B and S B are algorithms, keys and sequences and 
schedules specific to groups of biometric encryption devices or to individual devices. 
10 Such grouping may be preferred to minimize the time required to broadcast the 
information compared to broadcasting such information for each individual device in use 
in the system. However, the use of different keys, algorithms and sequences and 
schedules for at least different groups of devices minimizes the possibility of 
unauthorized interception. 

15 

In addition, any time a user powers up a communication device associated with an 
enabled biometric encryption device 14, contact with the authentication center 20 is made 
and current keys, algorithms and sequences and schedules applicable to that device are 
retrieved from the authentication center. Preferably such transmission from the 
20 authentication center comprises a bundle of keys, algorithms and schedules such that a 
person obtaining possession of the device 14 and monitoring the update will not be able 
to easily determine which of them are intended for the specific device. 

The broadcast keys, algorithms and sequences and schedules A B , K B and S B are 
25 stored in memory 22 for later use in the initial authentication phase of a secure 
communication. 

Initial Authentication Phase 



30 



Fig. 4 is a flowchart of the initial step in establishing a secure communication to 
cover the transaction. In this phase of the process initial authentication of the 
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participant/user is performed. The device 14 prompts the user to enter his or her name. 
The user is then prompted (40) to input biometric data. Such biometric data may 
comprise any number of biometric traits, but the preferred embodiment of the invention 
5 captures biometric data for at least two traits to maximize the reliability of the 
authentication and to render the process relatively more independent of the use of specific 
communication devices. The biometric data is read (42) by sensor 26 which then extracts 
(44) the distinctive features from the raw biometric data and formats (46) them according 
to the biometric data formatting protocol used by the authentication center 20. 

10 

In order to effect encryption, CPU 34 first determines (48) the current time by 
reference to clock 24. 

CPU 34 then retrieves (50) S B from memory 22 (S B was previously received from 
15 authentication center 20 in a broadcast or at powering up of the communication device as 
described above). Sb determines which specific key and algorithm are to be used for 
communications initiated at the specific time determined by reference to clock 24 and 
these are retrieved (52). The time-specific key and algorithm are designated as K T and 
At. 

20 

A M and K M are also retrieved (54)). 

At and A M are then combined (56) to form a device-specific encryption algorithm, 
while K T and Km are combined to form a device-specific encryption key. The resulting 
25 algorithm and key are therefore unique to that particular device at that particular time. 
They are then delivered (58) to the encryption/decryption engine 28. 

The biometric features which have previously (46) been formatted according to the 
required biometric data formatting protocol are then encrypted (60) by the 
30 encryption/decryption engine 28. Similarly the engine 28 encrypts (64) the user's name. 
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A device-specific permanent ID number is then retrieved (66) from memory 22 
and is encrypted using A T and K T only. 

5 A transmission packet for requesting initial authentication is then formulated (66) 

comprising: 

• the encrypted biometric information 

• the encrypted user name 

10 • an encrypted device-specific ID number 

The device-specific ID number is encrypted only at a system level since the 
authentication center 20 must be able to identify the alleged identity of the biometric 
encryption device 14 in order to know how to formulate a decryption key and algorithm. 
15 Thus the device ID is encrypted according to an encryption algorithm and key which are 
common to all devices within the system and that are of the same type (e.g. a portable 
biometric encryption device, a device permanently associated with a cellular telephone, 
etc.). Such encryption may for example be done using device-type specific A T and K T . 

20 Once the device is identified, the authentication center formulates the decryption 

key and algorithm using the same information used to encrypt the data in device 14, all 
such information having been either broadcast from the center 20 itself, including A B (and 
therefore A T ), and K B (and therefore K T ), or are known to the center at the outset (A M and 
Km). Once the message is decrypted, the biometric data is compared to that stored by 

25 authentication center 20 for verification. 

Verification is then communicated (70) by center 20 to device 14 and secure mode 
communication is enabled (78). The verification message transmitted from center 20 to 
device 14 includes the personal identification key (PIK) of the user. 

30 
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Secure Session Phase 

In the secure session mode, the biometric data is used to create one or more 
biometrically derived encryption keys which are used to encrypt all or a portion of the 
transaction data or the communication itself as the case may be. The use of an encryption 
key derived from the user's biometric data ensures a high level of security for the 
transaction or communication and a high level of confidence in the identity of the user. 

The risk of biometric data forgery is minimized by combining biometrically 
derived encryption with encryption parameters which include device dependent 
parameters, broadcast dependent parameters and dynamic varying of not only the keys 
and algorithms involved, but of the structure of the transmission packets themselves. 

Throughout the secure session, further biometric data may be collected from time 
to time to periodically authenticate the identity of the user and to avoid interception and 
overriding of an on-going communication. 

The components of a transmission packet in the secure mode are: 

• encrypted biometric data 

• encrypted transaction or communication data 

• encrypted device reference data 

• continuity check information 

The packet may also include periodic security checks which are also encrypted. 

Encrypted Biometric Data 

This component of the transmission packet comprises the biometric data which has 
been collected from the user. In the preferred embodiment, such biometric data is 
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collected from time to time during the communication for the purpose of ensuring 
periodic authentication of the user. Each time a new collection is taken and transmitted, 
the authentication center re-authenticates the user's identity. 

5 

The biometric data portion of the transmission packet is encrypted using a key 
derived from a combination the device-specific key K M and the personal identification 
keyPDC. 

10 Encrypted transaction or communication data 

This comprises the electronic commerce transaction or financial data or the 
communication itself, as the case may be. This data is encrypted using a key derived 
from a combination of the user's biometric information and the personal identification 
15 keyPIK. 

Thus it will be appreciated that the transaction or communication data is encrypted 
in a highly secure and user-specific manner in that the user's unique biometric data is 
used as a part of the encryption key. In addition, the incorporation of the user's personal 
20 identification key PIK (which was derived from the passphrase selected by the user and 
which is known only to the center 20) minimizes the risk of successful interception of the 
communication. 

Encrypted device reference data 

25 

This comprises device specific data (e.g. a page of text or images) which is 
programmed into the device 14 at the time of registration and which is known to the 
center 20. While this reference data may be changed from time to time, in the preferred 
embodiment it remains the same for the course of a given secure communication. 

30 
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The key used to encrypt the device reference data is derived from a combination of 
the biometric data of the user and the device-specific key Km. 

5 Algorithm 

The algorithm used to encrypt the packets changes or rotates throughout the 
transmission as algorithm- 1, algorithm-2 ... algorithm-n. In the preferred embodiment 
the number of packets which have been transmitted determines each transition from one 
10 algorithm to the next. In Fig. 9 the sequence of successive packets and the algorithms 
used to encrypt their components is shown in the horizontal dimension. 

The algorithms and their sequence are included as part of the broadcast referred to 
above. Depending on the time at which a secure communication is enabled, a certain one 
15 of the broadcast algorithms will be used as the starting algorithm for the encryption of the 
secure mode communication. Successive algorithms may follow the sequence dictated by 
the broadcast. 

Packet organization 

20 

The above identified components of a transmission packet, namely the encrypted 
biometric data, the encrypted transaction or communication data and the encrypted device 
reference data, are arranged in a given packet in a varying sequence. The sequence of 
types of data in a given packet is illustrated in the vertical dimension in Fig. 9. The 
25 sequence is a varying one which changes each time the algorithm changes (but which may 
change for any given algorithm as well). 

The specific arrangements of types of data for each packet and/or for each 
algorithm are communicated to device 14 by the broadcast. Thus At is used to govern the 
30 arrangements. The key used for this purpose is the user specific key, PIK. 
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Thus is will be appreciated that the invention provides a highly encrypted 
communication which is a function of keys derived from the following sources: 

• The biometric traits of the specific user 

• The device itself (A M , Km) 

• Arbitrary choice by the user (the PIK) 

• The center (the device reference data) 

The system according to the invention also provides device independence for a 
user. Although each device used is enabled for use with the system, a registered user may 
choose any enabled device to complete a transaction or communication. Such device 
independence gives the user flexibility in effecting secure transactions, and allows the 
system to track activity by a specific user, for example for billing purposes. 

It will be appreciated that although the preferred embodiment of the invention has 
been described in relation to an electronic commerce transaction, the encryption method 
and apparatus may equally be applied to any communication, whether it is of a financial 
nature or not. 

It will also be appreciated by those skilled in the art that while the preferred 
embodiment of the invention has been described in detail, variations to the preferred 
embodiment may be practised without thereby departing from the scope of the invention, 
which scope is reflected in the principles of operation and structure reflected in the 
foregoing disclosure and in the following claims. 
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CLAIMS 

5 1 . A method of authenticating the identity of a user of a communication device 
comprising the steps of: 

determining the alleged identity of said user; 

10 collecting biometric data from the user; 

encrypting said biometric data; 

delivering said encrypted biometric data to a communication device; 

15 

transmitting said encrypted biometric data to an authentication center; and, 
comparing the biometric data to recorded biometric data for the user. 

20 

2. A method as in claim 1 wherein at least two types of biometric data are collected 
from the user. 

3. A method as in claim 2 wherein one of said types comprises pulse data. 

25 

4. A method for authenticating the identity of a user of a communication device 
comprising the steps of: 

providing apparatus having memory means, a biometric input sensor, an 
30 encryption engine and a communication interface for communicating information 

to said communication device; 



WO 01/43338 



20 



PCT/CA99/01164 



operatively connecting said apparatus to said communication device by means of 
said interface; 

requiring said user to input biometric data into said biometric input sensor; 
using said apparatus to encrypt said biometric data; and, 

using said communication device to dispatch said encrypted biometric data to an 
authentication center. 

5. A method for authenticating the identity of a user of a communication device 
comprising the steps of: 

providing apparatus having memory means, a biometric input sensor, an 
encryption engine and a communication interface for communicating information 
to said communication device, said apparatus being operatively connecting to said 
communication device by means of said interface; 

requiring said user to input biometric data into said biometric input sensor; 
using said apparatus to encrypt said biometric data; and, 

using said communication device to dispatch said encrypted biometric data to an 
authentication center. 

6. A method as in claim 5 further comprising the step of enabling said apparatus for 
biometric encryption through said authentication center. 
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7. A method as in claim 6 wherein said enabling step comprises fiirther comprising 
the step of recording in said memory means encryption parameters supplied by said 
authentication center. 

8. A method as in claim 7 wherein said encryption parameters are specific to said 
apparatus. 

9. A method as in claim 8 wherein said encryption parameters comprise an 
encryption key and an encryption algorithm specific to said apparatus. 

10. A method as in claim 7 or 8 wherein said encryption parameters comprise 
reference data unique to said apparatus. 

11. A method as in claim 5 or 9 further comprising the step of downloading a plurality 
of encryption keys and encryption algorithms from said authentication center to said 
memory means. 

12. A method of encrypting a communication session comprising the steps of: 
performing the steps of claim 9; 

downloading a plurality of encryption keys and encryption algorithms from said 
authentication center to said memory means; 

receiving a message from said authentication center confirming the identity of said 
user, and, 

encrypting the balance of the communication session using at least one of said 
downloaded encryption algorithms. 
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13. A method as in claim 12 wherein said step of encrypting the balance of said 
communication session comprises using encryption keys which include at least one 
encryption key derived from said biometric data. 

5 

14. A method as in claim 12 wherein said step of encrypting the balance of said 
communication session comprises using a plurality of said downloaded encryption 
algorithms in succession. 

10 15. A method as in claim 12 further comprising the step of using said biometric data in 
the encryption process. 

16. A method as in claim 15 wherein the step of encrypting the balance of said 
communication session comprises using at least one encryption key derived from said 

15 biometric data and at least one key not derived from said biometric data. 

17. A method as in claim 16 wherein the biometrically derived key and said key not 
derived from biometric data are sequentially used in the encryption process and said 
sequence is varied throughout the communication session. 

20 

18. A method for authenticating the identity of users of communication devices 
comprising: 

recording the identity and biometric data of a plurality of users in a database; 

25 

configuring a plurality of apparatus for encrypting biometric data and for 
providing such encrypted biometric data for transmission by a communication 
device; 
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receiving a communication from a communication device associated with one of 
said plurality of apparatus, said communication comprising encrypted biometric 
data of a user of said communication device; 

5 

decrypting said communication and authenticating the identity of the user; and, 
transmitting the results of said step of authenticating. 



10 

19. A method as in claim 18 wherein said step of transmitting the results comprises 
transmitting the results to a third party. 

20. A method as in claim 18 wherein said step of configuring comprises assigning to 
15 said apparatus device-specific encryption parameters. 

21. A method as in claim 20 wherein said device-specific encryption parameters 
include an encryption key and an encryption algorithm. 

20 22. A method as in claim 21 wherein said parameters further include device-specific 
reference data. 

23. A method as in claim 22 further comprising the step of from time to time 
downloading to said plurality of apparatus at least one encryption algorithm. 

25 

24. A method as in claim 23 wherein a plurality of encryption algorithms are 
downloaded from time to time. 

25. A method as in claim 24 further comprising the step of: 
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once the identity of said user has been authenticated, selecting at least one of said 
downloaded encryption algorithms to be used in decrypting the balance of the 
communication session. 

5 

26. A method as in claim 25 wherein a plurality of said downloaded encryption 
algorithms are used in decrypting the balance of the communication session. 

27. A method as in claim 25 further comprising the step of transmitting to said 
10 apparatus an encryption key derived from information previously provided to said 

authentication center by said user. 

28. A method of establishing an encrypted communication with a user whose identity 
has been authenticated, comprising the steps of: 

15 

authenticating the identity of the user using the user's biometric data by 
transmitting said biometric data to an authentication center, said biometric data 
being encrypted according to a first encryption algorithm; 

20 once said identity has been authenticated, encrypting said communication 

according to at least one second encryption algorithm which is different from said 
first encryption algorithm. 

29. A method as in claim 28 wherein the user's biometric data is used to generate the 
25 encryption key to be used in connection with said second encryption algorithm. 

30. A method as in claim 28 wherein said at least one second encryption algorithm 
comprises a plurality of algorithms each of which is used at different stages of the 
communication session. 
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31. A method as in claim 30 wherein the user's biometric data is used to generate the 
encryption key to be used in connection with said second encryption algorithm. 

5 32. A method as in claim 29 wherein said encrypted communication comprises 
generating data packets having a plurality of components, one of said components 
comprising session information supplied by said user (such as financial transaction data 
or spoken messages), the other of said components not comprising such session 
information. 

10 

33. A method as in claim 32 wherein said components of said data packets are given 
varying relative positions in the course of the communication session. 

34. A method as in claim 32 wherein said other components comprise biometric data. 

15 

35. A method as in claim 32 wherein said other components comprise reference data 
specific to a device being used to conduct said encryption. 

36. A method as in claim 32 wherein each of said components is encrypted using a 
20 different encryption algorithm and a different encryption key. 

37. A method as in claim 30 wherein successive algorithms to be used at said different 
stages have previously been transmitted from said authentication center and have been 
stored in memory means. 

25 

38. A method as in claim 37 wherein said second encryption algorithm is retrieved 
from said memory means and is selected from a plurality of algorithms in said memory 
means according to the time said second encryption is undertaken. 

30 39. A method as in claim 28 further comprising the step of transmitting, to apparatus 
being used by said user to encrypt the user end of said communication, an encryption key 
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derived from information previously provided by said user to said authentication center, 
and using said encryption key in subsequent decryption of said communication. 

5 40. A method of encrypting a communication from a user using an encryption 
algorithm and an encryption key comprising the steps of: 

collecting from said user biometric data which uniquely identifies said user; and, 

10 using said biometric data as a component of said encryption key. 



41. Apparatus for enabling the authentication of the user of a communication device 
and for encrypting a communication session comprising: 

15 

memory means for storing encryption keys and algorithms; 
at least one biometric input sensor means; 
20 an encryption engine; 



a user interface; and, 
processing means. 

25 

42. Apparatus as in claim 41 further comprising means for managing communications 
between said apparatus and a communication device. 

30 43. Apparatus as in claim 42 wherein said user interface is incorporated into said 
biometric input sensor. 
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44. Apparatus as in claim 41 wherein said biometric input sensor means are adapted to 
collect data regarding at least two biometric traits. 

5 

45. Apparatus as in claim 44 wherein said biometric traits include fingerprint, voice 
print and pulse data. 

46. Apparatus as in claim 41 or 42 further comprising a clock for determining current 
10 time. 

47. Apparatus as in claim 41 or 42 wherein at least one device-specific encryption key 
and at least one device-specific encryption algorithm are recorded in said memory means. 

15 48. A method of encrypting a communication session comprising the steps of: 

authenticating the identity of a participant in the communication session by 
verifying the participant's biometric data; 

20 previously downloading a plurality of encryption keys and encryption algorithms 

from said an authentication center to memory means in apparatus used to encrypt 
the participant's end of the communication; 

encrypting the balance of the communication session using at least one of said 
25 downloaded encryption algorithms. 

49. A method as in claim 48 wherein said step of encrypting the balance of said 
communication session comprises using encryption keys which include at least one 
encryption key derived from said biometric data. 
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50. A method as in claim 48 wherein said step of encrypting the balance of said 
communication session comprises using a plurality of said downloaded encryption 
algorithms in succession. 

5 

51. A method as in claim 48 further comprising the step of using said biometric data in 
the encryption process. 

52. A method as in claim 51 wherein the step of encrypting the balance of said 
10 communication session comprises using at least one encryption key derived from said 

biometric data and at least one key not derived from said biometric data. 

53. A method as in claim 52 wherein the biometrically derived key and said key not 
derived from biometric data are sequentially used in the encryption process and said 

15 sequence is varied throughout the communication session. 

54.. A method of encrypting a communication session following authentication of the 
identity of a participant in said communication, said encryption using a plurality of 
encryption keys which collectively are a function all of the following: 

20 

the biometric traits of said participant; 

a key specific to the apparatus used to encrypt the participant's end of the 
communication; 

25 

information provided by said participant; and, 

reference data specific to the apparatus and assigned by an authentication center. 
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55. A method of encrypting a communication session following authentication of the 
identity of a participant in said communication, comprising the step of generating a 
plurality of data packets comprising at least two of the following components in each data 
packet: 

encrypted biometric data; 

encrypted transaction or communication data; 

encrypted device reference data; 

continuity check information. 

56. A method as in claim 55 wherein the arrangement of said components in said data 
packets varies throughout the communication session 
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